1. Home
    2. PAN-OS
    3. PAN-OS® Administrator’s Guide
    4. Policy
    5. Move or Clone a Policy Rule or Object to a Different Virtual System

    Move or Clone a Policy Rule or Object to a Different Virtual System

    On a firewall that has more than one virtual system (vsys), you can move or clone policy rules and objects to a different vsys or to the Shared location. Moving and cloning save you the effort of deleting, recreating, or renaming rules and objects. If the policy rule or object that you will move or clone from a vsys has references to objects in that vsys, move or clone the referenced objects also. If the references are to shared objects, you do not have to include those when moving or cloning. You can Use Global Find to Search the Firewall or Panorama Management Server for references.
    When cloning multiple policy rules, the order by which you select the rules will determine the order they are copied to the device group. For example, if you have rules 1-4 and your selection order is 2-1-4-3, the device group where these rules will be cloned will display the rules in the same order you selected. However, you can reorganize the rules as you see fit once they have been successfully copied.
    1. Select the policy type (for example,
      Policy
      Security
      ) or object type (for example,
      Objects
      Addresses
      ).
    2. Select the
      Virtual System
       and select one or more policy rules or objects.
    3. Perform one of the following steps:
      • Select
        Move
        Move to other vsys
         (for policy rules).
      • Click
        Move
         (for objects).
      • Click
        Clone
         (for policy rules or objects).
    4. In the
      Destination
       drop-down, select the new virtual system or
      Shared
      .
    5. (
      Policy rules only
      ) Select the
      Rule order
      :
      • Move top
         (default)—The rule will come before all other rules.
      • Move bottom
        —The rule will come after all other rules.
      • Before rule
        —In the adjacent drop-down, select the rule that comes after the Selected Rules.
      • After rule
        —In the adjacent drop-down, select the rule that comes before the Selected Rules.
    6. The
      Error out on first detected error in validation
       check box is selected by default. The firewall stops performing the checks for the move or clone action when it finds the first error, and displays just this error. For example, if an error occurs when the
      Destination
       vsys doesn’t have an object that the policy rule you are moving references, the firewall will display the error and stop any further validation. When you move or clone multiple items at once, selecting this check box will allow you to find one error at a time and troubleshoot it. If you clear the check box, the firewall collects and displays a list of errors. If there are any errors in validation, the object is not moved or cloned until you fix all the errors.
    7. Click
      OK
       to start the error validation. If the firewall displays errors, fix them and retry the move or clone operation. If the firewall doesn’t find errors, the object is moved or cloned successfully. After the operation finishes, click
      Commit
      .

    Related Documentation

    Move or Clone a Policy Rule or Object to a Different Device...

    Move or Clone a Policy Rule or Object to a Different Device Group On Panorama, if a policy rule or object that you will move ...

    Move or Clone a Policy Rule

    Move or Clone a Policy Rule When moving or cloning policies , you can assign a Destination (a virtual system on a firewall or a ...

    Move or Clone an Object

    Move or Clone an Object When moving or cloning objects, you can assign a Destination (a virtual system on a firewall or a device group ...

    Create and Manage Authentication Policy

    Create and Manage Authentication Policy Select the Policies Authentication page to create and manage Authentication policy rules: Task Description Add Perform the following prerequisites before ...

    Create a Device Group Hierarchy

    Create a Device Group Hierarchy Plan the Device Group Hierarchy . Decide the device group levels, and which firewalls and virtual systems you will assign ...

    Creating and Managing Policies

    Creating and Managing Policies Select the Policies Security page to add , modify, and manage security policies: Task Description Add To add a new policy ...

    Manage the Rule Hierarchy

    Manage the Rule Hierarchy The order of policy rules is critical for the security of your network. Within any policy layer (shared, device group, or ...

    Manage Device Groups

    Manage Device Groups Add a Device Group Create a Device Group Hierarchy Create Objects for Use in Shared or Device Group Policy Revert to Inherited ...

    Clone Configuration

    Clone Configuration Use action=clone to clone an existing configuration object. Use the xpath parameter to specify the location of the object to be cloned. Use ...

    Multi-Move or Multi-Clone Configuration

    Multi-Move or Multi-Clone Configuration Use the action=multi-move and action=multi-clone actions to move and clone addresses across device groups and virtual systems. Templates do not support ...

    © 2019 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo